Can you offer tips for keeping social media accounts and activity secure and compliant?
Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
The first thing you should remember when considering social media security is that everything said on social media is inherently public. You should plan to follow the same guidelines you use for any release of public information when considering a social media presence. The news is full of organizations that have been burned when someone with access to a corporate social media account posted offensive content, intentionally or accidentally, to the organization's feed.
Next, carefully control the passwords to your social media accounts. Make sure that each account is protected with a strong password and that the password is known only to a very small number of individuals. Unfortunately, most social media services are set up in a consumer-oriented fashion and do not have advanced access controls that allow delegation of posting authority, etc. If you need to grant multiple people access to your account, consider using a third-party service that mediates access without requiring shared passwords.
Finally, use common sense when it comes to social media and compliance requirements. Obviously, social media should never be used for credit card processing or to exchange other sensitive information. Publicly traded companies should also be aware of their obligations under Securities and Exchange Commission (SEC) information disclosure regulations. The CEOs of Twitter and Zipcar both recently learned this the hard way when they ran afoul of Regulation Fair Disclosure by posting information to their social media accounts, which had not been filed with the SEC in advance. Information security managers may not have a lot of direct control over what their CEOs do on social media or otherwise, but it's wise to at least do your best to incorporate dos and don'ts into the organization's social media security and compliance best practices policy.
Dig deeper on Social media security risks and real-time communication security
Related Q&A from Mike Chapple, Enterprise Compliance
Should companies obtain U.S. security clearance to join the Enhanced Cybersecurity Services program? Mike Chapple offers his perspective.continue reading
Does a Web application security assessment termed 'compliance ready' seem too good to be true? Learn its role in an enterprise compliance program.continue reading
Learn how hiring the right PCI DSS-compliant service providers, especially payment services providers, can reduce your compliance burden.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.